[HN Gopher] Arti - An implementation of Tor in Rust
___________________________________________________________________
Arti - An implementation of Tor in Rust
Author : solanav
Score : 304 points
Date : 2022-03-15 11:02 UTC (11 hours ago)
(HTM) web link (blog.torproject.org)
(TXT) w3m dump (blog.torproject.org)
| nonrandomstring wrote:
| Well done and thank you to all involved. You are making a real
| difference on the side of democracy, human rights and the values
| of the free world at an uncertain time when so much is under
| threat.
| iamnotarobotman wrote:
| bavell wrote:
| You might've heard about this thing called the internet that
| does the same thing. Perhaps we should ban it too since rich
| people and bad guys use it?
| iamnotarobotman wrote:
| You also might have heard about this saying which goes by:
| _' The road to hell is paved with good intentions'_ and it
| goes both ways. At least I happen to recognize that, unlike
| the grandparent comment.
|
| But where did I exactly say 'ban' it?
| bavell wrote:
| So you're saying a tor rewrite in rust is the road to
| hell then?
|
| Or that tor itself is the road to hell?
|
| Either way, your same argument can be made against the
| whole internet which should demonstrate how silly it is.
| iamnotarobotman wrote:
| > Either way, your same argument can be made against the
| whole internet which should demonstrate how silly it is.
|
| Not really.
|
| I recognize that the same criminals can also use the
| wider internet too, however there are central authorities
| and regulators in different countries that have laws that
| regulate the internet in the countries that they are in
| and these criminals will be caught very quickly if they
| tried.
|
| The difference is that Tor only makes it more harder to
| trace, hence the appeal to criminals, extremists and
| terrorists to use it for their illegal activities which
| that is its unintended use case after promising _'
| privacy'_ and _' anonymity'_ for 'everyone'.
|
| So yes, that is it's 'decentralised' road to hell indeed.
| sodality2 wrote:
| You could have said the same thing circa 30 years ago
| regarding the internet versus phone calls and letters.
| WesternWind wrote:
| Most people using tor aren't terrorists, oligarchs,
| extremists or career criminals though.
| iamnotarobotman wrote:
| Have you finally cracked the Tor network yet to find and
| trace all those Nazis, extremists, hitmen and terrorists
| that are still hiding there to make that unfounded claim?
| justinclift wrote:
| Seems to be exactly as unfounded as yours, yes?
| iamnotarobotman wrote:
| Is it? There's just too many to list here, even after the
| shutting down of Silk Road, but these crackdowns cannot
| be ignored; and look what they found. Majority of
| criminals using it once again.
|
| [0] https://www.technologyreview.com/2020/02/08/349016/a-
| dark-we...
|
| [1]
| https://www.computerworld.com/article/2845616/biggest-
| ever-t...
| justinclift wrote:
| k. And what about the people using it who aren't
| criminals, so aren't reported in the press?
| nyanpasu64 wrote:
| You're moving the goalposts. The people operating darknet
| markets are not Nazis, extremists, and generally not
| hitmen and terrorists. I _have_ heard that many onion
| services host child sexual abuse imagery though, but I
| 've never looked for reliable citations or personally
| verified.
| iamnotarobotman wrote:
| > You're moving the goalposts.
|
| Am I? Or didn't I just say _' There's just too many to
| list here'_ and just listed the notable examples.
|
| > The people operating darknet markets are not Nazis,
| extremists, and generally not hitmen and terrorists.
|
| So who operated those Tor nodes and services of multiple
| darknet websites in [0] and [1]? Another cybercriminal.
|
| > I've never looked for reliable citations or personally
| verified.
|
| Talking about _' movings goal posts'_ and missing the
| whole _' anonymity'_ point of Tor. Only time will tell,
| but so far a great use case for criminals, extremists and
| terrorists using it.
|
| [0] https://www.nbcnews.com/technolog/how-anonymous-tor-
| users-co...
|
| [1] https://www.technologyreview.com/2020/02/08/349016/a-
| dark-we...
| jokethrowaway wrote:
| You can't prevent criminals from using math to conceal their
| activities (they can just use other solutions), you can just
| prevent law abiding citizens from having privacy.
| ajconway wrote:
| Not really. TOR is specifically not safe against a global
| passive observer, which the (supposedly) good guys are.
| andai wrote:
| I've been wondering about this. Afaik Ross Ulbricht was
| caught due to shitty opsec. Was that a case of the NSA
| having that capability and not sharing it with the FBI?
| gzer0 wrote:
| _Ulbricht was first connected to "Dread Pirate Roberts"
| by Gary Alford, an Internal Revenue Service investigator
| working with the U.S. Drug Enforcement Administration on
| the Silk Road case, in mid-2013.The connection was made
| by linking the username "altoid", used during Silk Road's
| early days to announce the website, and a forum post in
| which Ulbricht, posting under the nickname "altoid",
| asked for programming help and gave his email address,
| which contained his full name._
|
| [1] https://en.wikipedia.org/wiki/Ross_Ulbricht#Arrest
| kekebo wrote:
| Towards the flagged sibling comment about the tor network
| providing a hiding place for illegal activities and terrorism:
|
| While it's non-trivial to inspect many aspects of tor traffic,
| an often used study metric has been the (determinable)
| percentage of connections to hidden services, which are usually
| assumed to be disproportionately malicious.
|
| This ranges around ~5% across most studies, the most recent one
| I can find shows similar results[0].
|
| Results are limited by the inability to account for lawful use
| of hidden services, but also the percentage of malicious use
| outside of them.
|
| [0] https://www.pnas.org/doi/full/10.1073/pnas.2011893117
| krageon wrote:
| > which are usually assumed to be disproportionately
| malicious.
|
| Why is this assumed?
| judge2020 wrote:
| It's easier to account for the quantity of malicious use of
| Tor towards non-hidden internet websites
|
| > Based on data across the CloudFlare network, 94% of
| requests that we see across the Tor network are per se
| malicious.
|
| https://blog.cloudflare.com/the-trouble-with-tor/
| psychlops wrote:
| For comparison, I'm curious what the percentage is
| excluding Tor.
| solanav wrote:
| I'm so happy we are finally getting an easy to use library to use
| Tor. I've wanted to use Tor in some of my projects but I didn't
| like having to install it or expecting the user to have it
| installed already. Time to re-learn rust...
| dtx1 wrote:
| Every time a piece of legacy c/c++ code get's replaced with
| something written in a sane language i smile a little!
| pjmlp wrote:
| Unfortunely there are tons of domains that it will never
| happen, given the existing ecosystem
|
| We as society basically have to undo 50 years of going into the
| wrong direction, without the economical incentives to fix them,
| rather mitigate their faults.
| dtx1 wrote:
| While that is true and for some extreme cases might stay true
| for a long time (> 100 years) most software has a lifetime,
| even if it's damn long and as long as we start writing new
| software in better languages we will see progress over time,
| simply by old software dying or no one being able to deal
| with the legacy codebase anymore
| zozbot234 wrote:
| There are millions of lines of code written in COBOL in
| production use, pretty much all of them addressing business-
| critical needs. FORTRAN scientific codes are not far behind,
| either. Better get crackin'.
| pjmlp wrote:
| Yet COBOL and Fortran standards are way more modern than
| WG14 will ever bother doing to C.
| anthk wrote:
| I2P should be preferred. IP2D it's a nice daemon.
| ravenstine wrote:
| Yeah I hate to always be that guy, but while I think Tor is
| great in that it exists at all and has inspired other projects,
| I think I2P is an overall better design. Not having a history
| with the US military or funding from DARPA is a plus, IMO. Tor
| isn't necessarily flawed for that reason, but I trust less
| anything the US government takes an interest in.
|
| For anyone wondering what we're talking about:
|
| https://geti2p.net (Official Java implementation)
|
| https://github.com/PurpleI2P/i2pd (C++ implementation)
|
| The unfortunate thing is that, as far as I'm aware, I2P doesn't
| have a "Tor Browser" of sorts, and most people would want to
| use I2P as a clearnet proxy; the audience for I2P may always be
| significantly less than that of Tor even if it was revealed
| that Tor was totally flawed.
|
| I think that I2P could benefit from selling itself less as a
| means of anonymity and more as decentralized, censorship-
| resistant web hosting. The clearnet should then have inproxies
| to expose I2P sites rather than the other way around, as is the
| typical use case for Tor. That way you can spin up an I2P
| instance anywhere, instantly have a web server on a unique
| address, and have it be available on any number of clearnet
| inproxy nodes as well as to anyone connected directly to the
| network.
|
| Having played a lot with I2P recently, I find it more "fun"
| than using Tor. It lacks in content, but its focus on hidden
| services (eepsites) and the relatively small number of users is
| reminiscent of he web back when I first started using it in the
| 90s. I like that it has a sort of DNS system that is only as
| centralized as you want it, and that it has a built in way of
| assigning your own domain aliases. Even if you (the reader)
| aren't interested in anonymous decentralized networking for any
| practical reason, I'd say it's worth testing out I2P just to
| get a kick out of how novel it is.
| panick21_ wrote:
| Is this possible to run on no_std systems or systems like XousOS
| (has its own std)? Would be cool to run on Precursor.
|
| https://www.crowdsupply.com/sutajio-kosagi/precursor/updates...
| trinity-1686a wrote:
| Right now it's not possible, but you could open an issue and
| maybe someday it will be! If you want to open an issue, it's
| here https://gitlab.torproject.org/tpo/core/arti/-/issues . If
| you don't want to create an account, say it and I'll create the
| issue for you.
|
| Edit: corrected typo in link
| qersist3nce wrote:
| So at this point it is ready for passing traffic through a SOCKS
| proxy. Meaning we can `cargo run --release -- proxy` and redirect
| applications to use port `9150` for their network connections.
|
| Couple of related questions:
|
| - Does anyone know, in a Linux distro, how to pass _all_ system
| traffic through a SOCKS proxy port? I 'm not looking for
| intermediary proxy handlers but an official method to force all
| user and system apps to use an arbitrary port.
|
| - If it is not possible to do so, does `NetworkManager` have a
| setting for this?
|
| - Is it possible to at least change Chrome/Firefox ports via CLI
| to an arbitrary port?
| onedognight wrote:
| One way is to enable a global `LD_PRELOAD=libtsocks.so`
| (transparent socks) environment variable where you provide an
| optionally suid (to allow suid binaries to use it if you want)
| library that overrides `connect`, etc. and forwards them to
| your socks proxy. Make sure you get ipv4 and ipv6 support if
| you care. This is not bullet proof by any means. Any
| application that doesn't using the C library (e.g. go) will not
| proxy, but most things will.
| paskozdilar wrote:
| There is a shell wrapper `tsocks` that does all that - all
| you need is to configure the SOCKS server/port in
| /etc/tsocks.conf and run `tsocks $COMMAND`, and all the TCP
| connections of `$COMMAND` will be tunneled through the SOCKS
| proxy.
|
| Combined with ssh's `-D` option, it becomes a powerful ad-hoc
| VPN tool.
| hkt wrote:
| TIL about stocks - thank you!
| beardog wrote:
| You have to be careful proxying everything through Tor if you
| care about using Tor to its full effectiveness, widely known
| issues with exit nodes aside, applications may naively sent
| through the same circuit:
| https://www.whonix.org/wiki/Stream_Isolation
| guerby wrote:
| The way it's done is described here:
|
| https://unix.stackexchange.com/questions/166692/how-does-a-t...
|
| A part from tor I don't know if there's a generic tool
| packaging this.
| guerby wrote:
| Found one here:
|
| https://hev.cc/3033.html
|
| https://github.com/heiher/hev-socks5-tproxy
| nofunsir wrote:
| <NOTIFICATION: Incoming chat from random IT person> Hey so I've
| been meaning to ask you about all this ssh traffic coming from
| your box. Do you know what that could be?
| e12e wrote:
| I don't think you can generally expect all processes to
| transparently use a SOCKS proxy? You might be able to finagle a
| custom vpn around it, I suppose. But AFAIK SOCKS isn't 100%
| transparent at the IP layer allowing all protocols to
| transparently layer on top?
|
| I guess SOCKS5 handles tcp and udp - so you might get away with
| redsocks (which explicitly recommends against using with TOR):
|
| https://github.com/darkk/redsocks
|
| See also transocks (SOCKS4 tcp only):
| https://transocks.sourceforge.net
|
| And transocks (in go) https://github.com/cybozu-go/transocks
|
| Ed: see also https://news.ycombinator.com/item?id=30684574
| samhw wrote:
| Does anyone know how TAILS accomplishes this, then? It
| doesn't rely on a relay like Whonix does, but I'm not a
| networking expert or a Linux expert, so I'm not altogether
| sure how it _does_ work.
| nopcode wrote:
| TAILS has a very simple approach:
|
| - Configure all applications to use Tor with the SOCKS
| proxy
|
| - Block all non-Tor traffic with iptables
|
| https://tails.boum.org/contribute/design/Tor_enforcement
| conradev wrote:
| Tor itself does not support UDP, even if SOCKS might
| e12e wrote:
| Good point. Makes it a better fit for SOCKS I suppose. Tor
| does dns over tcp - or no dns?
| koblas wrote:
| Isn't that just NAT through a SOCKS proxy as transport.
|
| Never would have imaged that use case.
| qersist3nce wrote:
| >Never would have imaged that use case.
|
| circumventing censorship and geo-restrictions?
| nopcode wrote:
| Best option is to use software that supports SOCKS.
| Alternatively you can set up local proxies (eg stunnel) or
| inject SOCKS support into the TCP calls of your app (eg.
| ProxyChains)
|
| Tor only supports TCP, so you cannot route _all_ traffic over
| Tor, you will have to drop a bunch.
| DeathArrow wrote:
| remram wrote:
| Do you ask that in the comments of every project on the off
| chance?
| anon_123g987 wrote:
| This question is relevant when 1: one of the most important
| (perceived) adversarial is the NSA; 2: as of 2012, 80% of The
| Tor Project's $2 million annual budget came from the United
| States government; 3: the Underhanded C Contest exists and we
| can assume that however secure Rust is, writing underhanded
| Rust code is possible.
|
| https://en.wikipedia.org/wiki/The_Tor_Project#Funding
|
| https://en.wikipedia.org/wiki/Underhanded_C_Contest
| edgyquant wrote:
| The perceived adversary is not the NSA. Tor is mean to
| protect agents and journalists from average state level
| actors. It is not meant to protect you from superpowers
| that control most of the internets backbone. I would trust
| tor to protect me from Assad (or some other dictator of a
| mid level power) I would not trust it to keep me safe from
| Putin or Xi.
| yjftsjthsd-h wrote:
| I'm not sure that follows. First, funding != code. And the
| Underhanded C Contest exists because C kind of sucks; since
| Rust largely exists _specifically to solve the problems
| with C_ , I would like rather more compelling evidence that
| underhanded Rust is possible than pointing at C.
| shellac wrote:
| The Tor project was largely funded by the US government
| initially. If you use Tor currently it's already that
| compromised, if you consider that an issue.
| malfist wrote:
| > If you use Tor currently it's already that compromised, if
| you consider that an issue
|
| --That's a very bold claim. Got any extraordinary evidence
| for your extraordinary claim?--
|
| Edit: Misread! Thought you were claiming that tor was
| compromised. Not that tor was funded. My mistake
| shellac wrote:
| I crafted this conditional to make no actual claim at all.
| Personally I don't consider the funding an issue, their
| processes seemed sound. But if you do then Tor is pretty
| much a lost cause from the beginning.
|
| Edit: no worries :-)
| fastball wrote:
| Notice the "that" in "that compromised".
| freemint wrote:
| Would it matter?
| justinclift wrote:
| Yes. Extra chance of backdoors. :/
| freemint wrote:
| Funding doesn't control code? It just controls what is
| being worked on.
| michaelcampbell wrote:
| To many, yes.
| ggreg84 wrote:
| To many on the internet which was financed by DARPA?
|
| The irony is strong on this thread.
| justinclift wrote:
| Perhaps you're forgetting that although the NSA have at
| times historically been regarded as good guys, they've
| since been found to quietly backdoor crypto products
| (etc) to others detriment.
|
| That's a bit different from DARPA.
| [deleted]
| pjmlp wrote:
| Do those same people also use SELinux?
| krageon wrote:
| Of course not. SELinux is functionally unusable due to
| it's historical ties. Which is a real shame, because the
| network limiting (used to be, it's been a while since I
| looked) is very easy to use and quite good.
| pjmlp wrote:
| So unusable that millions of people use it without
| knowing on their Android and ChromeOS devices.
| edgyquant wrote:
| SELinux is not unusable, it's open source anyway.
| yjftsjthsd-h wrote:
| Is that likely? People who don't trust things backed by
| the US gov't _are_ unlikely to be fond of SELinux, but
| even beyond that, AppArmor is used in preference to
| SELinux by the Debian and SUSE families, which probably
| gives it a greater share of the Desktop Linux market (vs
| SELinux, mostly used by the Red Hat family) even without
| ideological /trust issues in play.
| pjmlp wrote:
| SELinux is turned on across all Android and ChromeOS
| devices.
| yjftsjthsd-h wrote:
| I'm skeptical that there's much overlap between "people
| who seriously use TOR" and "people who use ChromeOS", but
| yeah Android is a fair point. (And I'll certainly grant
| that there are probably more Android devices out there
| than laptops/desktops running Debian derivatives.)
| michaelcampbell wrote:
| Dunno, is that relevant? Are any among us completely
| devoid of any inconsistencies or hypocrisy?
| pjmlp wrote:
| Given it was developed by NSA, completely relevant.
| edgyquant wrote:
| But Tor wasn't, so it's a derail to begin with
| dragonwriter wrote:
| Tor was developed by the US Naval Research Laboratory to
| protect communications of the US intelligence community,
| so while it wasn't strictly developed by the NSA, if one
| considers products of the NSA contaminated by their
| connection to the US intelligence community, it's pretty
| hard not to see Tor as tainted in the same way.
| pjmlp wrote:
| It did not stop SELinux to be used everywhere.
| hexo wrote:
| The title. Omg. It is incorrect. Misleading. And infuriating.
| fastball wrote:
| How so?
| hexo wrote:
| Because it is just a library for rust programs. Not even
| close to reimplementation of Tor for general use.
|
| edit: yea, downvoters, show your own inability to process
| truth. I love this grown up behavior here on HN.
| wolrah wrote:
| It's also a SOCKS proxy, which at least the last time I
| used Tor standalone (where I'd have to configure it myself,
| as opposed to as part of TBB or TAILS where it's set up for
| me) was the main way a client would access the network.
| pitaj wrote:
| It's also a binary that supports a SOCKS proxy.
|
| FYI, complaining about downvotes violates the HN
| guidelines.
| neilalexander wrote:
| I'm not in the slightest bit surprised you are being
| downvoted -- your comment is overly dramatic and not a
| remotely useful contribution. The title of the post of "An
| implementation of Tor in Rust". The project claims to be an
| implementation of Tor, which it is, and it claims to be
| written in Rust, which it is. It doesn't claim to be a
| standalone replacement, it doesn't claim to be finished and
| it doesn't claim to be not-a-library.
| cassepipe wrote:
| I think the downvotes were for an very emotional claim
| ("infuriating") backed up by 0 arguments. Although it is
| weird to me that the actual explanation got downvoted
| instead of the original claim
| seumars wrote:
| Couldn't find any introduction to the project on the blog but the
| official repo has more info on the background for the project:
|
| >Rust is more secure than C. Despite our efforts, it's all too
| simple to mess up when using a language that does not enforce
| memory safety. We estimate that at least half of our tracked
| security vulnerabilities would have been impossible in Rust, and
| many of the others would have been very unlikely.
|
| >Arti is cleaner than our C tor implementation. Although we've
| tried to develop C tor well, we've learned a lot since we started
| it back in 2002. There are lots of places in the current C
| codebase where complicated "spaghetti" relationships between
| different pieces of code make our software needlessly hard to
| understand and improve.
|
| https://gitlab.torproject.org/tpo/core/arti
| colesantiago wrote:
| liopleurodon wrote:
| janandonly wrote:
| I am not a big fan of alt-coins, but I'm not sure I would dare
| call ZCash a "Crypto token scam project".
|
| A scam in my book has one or more of the following properties:
|
| - pre-mined (a part) off all tokes (like ETH ~70%) [1]
|
| - has a team that will "rug pull" the users of their coin
| (think ONEcoin) [2]
|
| - Is only paying lip-service to being decentralized (think
| again ETH) [3]
|
| Also, who cares where the money comes from? I believe TOR is a
| project worthy of sponsoring...
|
| [1] https://etherscan.io/stat/supply [2]
| https://cryptotips.eu/en/blog/the-onecoin-scam/ [3]
| https://decrypt.co/44321/70-of-ethereum-nodes-are-hosted-on-...
| colesantiago wrote:
| All of them are, including this 'ZCash'. As long as there are
| enough greater fools to pump the price of the token. Only for
| them to lose their money in the end.
|
| Tor is already seen in a bad light for being used for illicit
| activity, terrorism, illegal drugs, etc. We can have and fund
| tools that enhances privacy without endorsing or taking money
| from a so called 'cryptocurrency' that exists to distribute
| fake internet dark web tokens.
| krageon wrote:
| > All of them are
|
| Perhaps instead of spreading even more ink around you could
| go into why you think this is the case. As it stands, the
| reader can only conclude you are angry - nothing else.
| colesantiago wrote:
| As I have mentioned before on other threads, crypto has
| no usecase other than to speculate on the token price,
| scam people and to embolden ransomware in the case with
| Zcash and other privacy tokens. On top of it all they all
| are unregulated and fluctuate too much to even act as
| proper currencies which they are not.
|
| Other voices such as Luke [0] explain in vastly more than
| a HN thread.
|
| [0] https://lukeplant.me.uk/blog/posts/the-technological-
| case-ag...
| xiphias2 wrote:
| At least if the are fake they can't be used for drugs and
| terrorism. Otherwise it wouldn't be fake :)
|
| You're contradicting yourself many times in this thread.
| colesantiago wrote:
| Wrong.
|
| I explicitly do not call them currencies because they
| cannot be used as such in the real world. All these
| tokens are extremely volatile and always used by
| speculators which makes them useless to be used as a
| currency.
|
| It is fake money that is being cashed out for fiat money
| on these unregulated token exchanges, not to mention the
| decentralised ones.
| dallashoxton wrote:
| But you just outlined use cases for crypto (illicit
| activity, etc) in your grandparent post while
| simultaneously claiming crypto can't be used as a
| currency. Which is it?
| colesantiago wrote:
| Both.
|
| As I said, they aren't useful at all in the real world
| legally, only on unregulated exchanges where only mostly
| criminals are able to swap their tokens for fiat from
| their scores of ransomware raids and scams.
|
| I would be in favour of regulations needing to kill this
| part off as Monero and Zcash isn't accepted on most of
| them. Not to mention you cannot even pay your taxes with
| these crypto tokens.
| xiphias2 wrote:
| It's quite easy to be ,,just'' a criminal nowdays. All
| you need is just be born in a country led by a
| multibillionaire dictator who wants to nuke the world and
| want to receive your salary for your hard work from an
| American company.
| WesternWind wrote:
| I mean I urge folks who have the ability to direct some of
| their company's money towards Tor. It's directly helping both
| Ukranian and Russian citizens right now.
| colesantiago wrote:
| Sure Tor helps Ukrainian and Russian citizens, but I urge the
| Tor foundation to question themselves and to stop accepting
| crypto token donations and grants.
|
| It acts as an endorsement and emboldens the cryptobros,
| enthusiasts and fans to pump the price of the token.
| DoItToMe81 wrote:
| Why should they forgo an opportunity for funding that
| allows people to donate in countries where direct bank
| transfers to the Tor project would be logged and marked as
| suspicious, and which is resistant to payment processors
| deciding not to process the donations? Because you
| personally don't like cryptocurrency? That is ridiculously
| childish.
| colesantiago wrote:
| There is no reason to present a personal attack with your
| non-argument. As I said before in other threads there are
| alternative ways they can receive grants for funding of
| Tor projects without endorsing crypto scams. I mentioned
| Mozilla and Rust foundation as examples.
|
| On the crypto tokens, there are tons of reasons not to
| use them as I have mentioned on this thread and others
| have mentioned as well. [0]
|
| [0] https://lukeplant.me.uk/blog/posts/the-technological-
| case-ag...
| kerowak wrote:
| Privacy coins like zcash and monero should be considered
| distinct from the rest of the crypto sphere. They
| actually serve their use case very well, and of all
| cryptos they easily see the most use as actual currency
| rather than vehicles for speculation.
|
| Their use case just happens to be purchasing drugs and
| other illicit products off deep web marketplaces. Or
| receiving payments for ransomware.
| krater23 wrote:
| When you know a better solution just name it. It's easy to
| criticice a decision when you don't need to find a better
| way. Who's interested in some crypto bros and some idiots
| that lose their money when you don't have another working
| possibility?
| colesantiago wrote:
| I already did. They can go for the Rust Foundation Grants
| Program or perhaps the Mozilla Foundation grants program.
|
| I am sure there are other grants that I have missed out
| but the solution is there.
| esyir wrote:
| I despise crypto, but telling an underfunded OSS project to
| abandon scarce funding for what is a relatively minor
| ideological reason definitely rubs me the wrong way.
|
| Rather than demanding them to change, why not find a way to
| help secure them a source of less objectionable funding.
| oefrha wrote:
| Is it underfunded? (Genuine question.) According to the 2020
| fiscal report they received ~$4.5mm in donations and grants
| which isn't too shabby.
|
| https://blog.torproject.org/transparency-openness-and-
| our-20...
| esyir wrote:
| While funding is decent, you'd also want to compare to
| expenses, as well as reserves. The 2020 report did show an
| overall gain, but this has to be contrasted against the
| depletion of reserves in the previous year, not to mention
| the overall trend.
| colesantiago wrote:
| I would want them to at least go to the Rust Foundation
| Grants Program [0] or perhaps the Mozilla Foundation grants
| program [1].
|
| This isn't minor, Wikimedia [2] is also asking the same thing
| of their project and they shouldn't use or endorse these
| crypto tokens, same thing as Tor.
|
| [0] https://foundation.rust-lang.org/news/2021-12-09-news-
| rust-f...
|
| [1] https://foundation.mozilla.org/en/what-we-fund/
|
| [2] https://meta.wikimedia.org/wiki/Requests_for_comment/Stop
| _ac...
| loeg wrote:
| Wikimedia is one of the most well-funded non-profits on the
| planet; they have largely unconstrained spending. They can
| easily be choosy about funding sources while other projects
| cannot afford to be.
| colesantiago wrote:
| I have already mentioned elsewhere in the thread
| alternative sources of grant funding they can use which
| are not an endorsement of the crypto space.
| yjftsjthsd-h wrote:
| > This isn't minor, Wikimedia [2] is also asking the same
| thing of their project and they shouldn't use or endorse
| these crypto tokens, same thing as Tor.
|
| https://meta.wikimedia.org/wiki/Requests_for_comment/Stop_a
| c... is a proposal with what looks like extremely divided
| voting; I'm not seeing where it was ratified? So Wikimedia
| is _not_ asking that, someone _suggested_ that Wikimedia
| should ask that.
| colesantiago wrote:
| So it isn't a minor open and shut case then as you said?
| Surely something minor should have been sorted quickly
| no?
|
| And most people actually support the motion to stop
| accepting them, despite the division it is the correct
| decision.
|
| I only hope that Tor does the same.
| Akaahn wrote:
| Using crypto is a good thing in my eyes, but you seem to be
| convinced that crypto is all evil and a scam.
|
| We've seen in recent years that fiat payment systems are ran by
| bad actors, that will on a whim revoke access to their systems
| to any entity they deem "problematic", even if no laws have
| been broken.
|
| Crypto allows entities to freely exchange money without having
| to worry about passing some arbitrary purity test or getting
| witch-hunted into oblivion.
| colesantiago wrote:
| It simply is. Not just 'ZCash' but the entire space [0].
|
| [0] https://lukeplant.me.uk/blog/posts/the-technological-
| case-ag...
| conradev wrote:
| The entire space is a scam? Luke makes some good points and
| some not so good points about the challenges with the
| technology.
|
| He acknowledges that every single digital transaction you
| make can be seen by banks, for example, and yet does not
| propose an alternative solution. Credit card data is among
| the most valuable, and sold many times over to advertisers.
|
| Do you personally think that that is a problem worth
| figuring out how to solve? If you don't, it's going to be
| hard to see the point. Similar to how we don't need
| encryption because we have nothing to hide.
| colesantiago wrote:
| Yes. Web3, Crypto, all of it.
|
| This website [0] chronicles all what is going on in web3
| and this site is an excellent rebuttal of the entire
| space [1]
|
| [0] https://web3isgoinggreat.com/
|
| [1] https://www.stephendiehl.com/blog/against-crypto.html
| conradev wrote:
| You are linking to those as if I haven't read them - I
| have! I find the grift in the space just as gross.
|
| You didn't answer my second question about whether you
| (yes, you, not Stephen Diehl) think that having a private
| way to transact online is important. Do you?
|
| The next question for you is a little more philosophical
| - say cryptocurrency is bad, evil and should be "gotten
| rid of". What do you propose we do about that? Ban Proof
| of Work? Yell about it online and pretend that's going to
| make it go away? Nothing I have heard about "what to do
| about it" quite makes sense. I think the actual answer is
| going to involve convincing people of things - people who
| work in cryptocurrency. Unilateral critics are working
| pretty hard against themselves in that regard.
|
| The overall stance reminds me of people who think
| Facebook or Spotify are evil - they very well may be, but
| they provided such a massive utility to the world that
| the ideas are not going away (a social network connecting
| most humans on earth and an instantly accessible database
| of most music ever recorded). You have to fix what is out
| there, because you can't really put the genie back in the
| bottle.
| colesantiago wrote:
| Tight regulations is the solution and is needed on the
| crypto space.
|
| The privacy tokens will be first, Monero, ZCash, etc,
| they will be completely banned and made illegal due to
| this, (why does Coinbase still not allow these tokens?)
|
| Next, we need to crackdown tighter on the exchange ramps,
| we only have to look at the Tether fraud [0] that is
| happening, then the crackdown will begin on the whole
| space.
|
| Then the crash will happen from there and the fallout
| would be terrible for people who bought these now
| worthless casino chips. So maybe that crypto will still
| exist but way less people will use them, especially the
| privacy ones.
|
| [0] https://www.bloomberg.com/news/features/2021-10-07/cr
| ypto-my...
| onebot wrote:
| You are entitled to your opinion. But it is just that, an
| opinion. Not fact. Citing other opinions doesn't make
| your claim, that all crypto and web3 are a scam, a fact.
|
| Only time will tell. In the meantime, I am happy that
| this project can get _any_ funding from wherever it can.
| Especially, since open source is a thankless and
| typically paid-less job.
| colesantiago wrote:
| > I am happy that this project can get any funding from
| wherever it can.
|
| There is nothing wrong with calling it what it really is.
| A scam. Complete fact. I can cite countless sources that
| wouldn't fit this comment box, but instead I point to
| alternatives as others have asked. [0] [1]
|
| As I said before, solutions exist already outside of
| accepting and endorsing crypto scam token projects.
|
| [0] https://foundation.rust-
| lang.org/news/2021-12-09-news-rust-f...
|
| [1] https://foundation.mozilla.org/en/what-we-fund/
| ArtWomb wrote:
| Small crypto grants seem perfectly designed for just such a
| project as Tor! I mean if one discounts the possibility of a
| rug pull situation, it has all the hallmarks: privacy
| preserving, decentralized, fungible ;)
| colesantiago wrote:
| seanw444 wrote:
| Bad actors use effective technologies, just like good ones
| do. So what?
| colesantiago wrote:
| So this means that Tor taking money from Zcash is an
| explicit endorsement of the crypto token space and the
| scams and speculation and environmental destruction they
| harbour.
|
| Not to mention the ransomware enablement of a so called
| privacy token.
|
| I don't think Tor would want to be associated with all of
| that on top of all the other illicit activities they are
| already associated with.
| robbedpeter wrote:
| So when did you stop using Amazon? Or Apple? Or Visa?
| Because of the gift card scams. Or the usd? Almost all
| crime is paid for in usd.
|
| Your argument is less than merited because there is no
| moral contrast with alternatives. Guilt by association is
| fallacious. That leaves only "because you don't like it"
| and that's a valid opinion, which you're welcome to, but
| having privacy enabling technology allows real world
| freedom. Others of us have the opinion that despite bad
| people existing, supporting the freedom and anonymity of
| people, good or bad, is an improvement to the world.
| colesantiago wrote:
| Your whataboutism is missing the core point.
|
| These privacy tokens enable ransomware, full stop. Taking
| money from them enables them to exist and to allow
| criminals to continue using Zcash, Monero, etc and
| effects are huge. They are not even regulated and this
| needs to stop.
|
| Even if I were to use these crypto tokens, the price
| would fall over drastically upon receiving them. No
| notable improvement or use at all than receiving a
| donation or grant via card payment straight into my bank
| account. No scams or price drops at all there.
|
| > Others of us have the opinion that despite bad people
| existing, supporting the freedom and anonymity of people,
| good or bad, is an improvement to the world.
|
| There is nothing wrong with having privacy enabling
| technology, I didn't argue this at all so I am calling
| strawman on this.
|
| What I do not want is for the Tor foundation endorse or
| accept money from a project that environmentally
| destructive and only benefits speculation, scams and
| doesn't work as a currency at all.
| Stupulous wrote:
| Taking a donor's money is at most an implicit
| endorsement. If an active serial killer gave me a million
| dollars to make the world a better place, it would be
| wrong for me to refuse to move money from a bad actor to
| those in need.
| colesantiago wrote:
| Great strawman but I still disagree and it is not what is
| happening here, it is still an endorsement of crypto
| scams, and in the case for crypto, this only amplifies
| the adoption of ransomware, scams and sure bad actors
| _because_ of the donation. It just makes it all worse.
| Stupulous wrote:
| I don't understand how what I said is a strawman. I think
| an active serial killer is orders of magnitude worse than
| any crypto scam, but I would still take their money- ie.
| I'm disagreeing with a stronger version of your point.
| [deleted]
___________________________________________________________________
(page generated 2022-03-15 23:01 UTC)